#1 2021-07-11 15:26:44

blgrace
Member
Registered: 2016-07-13
Posts: 5

[SOLVED] port 22: No route to host remote ssh

Hi all

I'm trying to access my arch box from outside the LAN using a dynamic DNS service combined with port forwarding on my router.
I can ping the arch box from anywhere using the DNS domain name, but if I try to actually ssh in - I get the "No route to host" error.

For testing purposes only (and to rule out anything else getting in the way) I have disabled my iptables rules and I'm forwarding to the default ssh port 22.

I have successfully ssh'd in from home using the dns domain rather than the local address and it works fine - but only on wired connection.
I installed a terminal emulator on my phone and attempted to login using the same dns domain and it just times out - but I can successfully ping the arch box from my phone over wifi.

I'm a newbie and quite confused about this.
I'm also old and frightened :)
I'm not on my arch box right now, but here is some output from my attempts to (remotely) troubleshoot.

sudo nmap -sS fdumptch.blah-blah.org
Starting Nmap 7.91 ( https://nmap.org ) at 2021-07-12 01:06 AEST
Nmap scan report for fdumptch.bleh-meh.org (xxx.yy.166.191)
Host is up (0.028s latency).
Other addresses for fdumptch.blah-blah.org (not scanned): 
rDNS record for xxx.yy.166.191: xxx-yy-166-191xxxxxxxxxx
All 1000 scanned ports on fdumptch.blah-meh.org (xxx.yy.166.191) are filtered

Nmap done: 1 IP address (1 host up) scanned in 31.02 seconds
sudo nmap -sL fdumptch.freeddns.org
Password:
Starting Nmap 7.91 ( https://nmap.org ) at 2021-07-12 01:20 AEST
Nmap scan report for fdumptch.fsmeegle.org (xxx.yy.166.191)
Other addresses for fdumptch.watrts.org (not scanned): 
rDNS record for xxx.yy.166.191: xxx-yy-166-191.xxxxxxxxxx
Nmap done: 1 IP address (0 hosts up) scanned in 0.45 seconds
ping -c 4 fdumptch.ni-ni-ni.org
PING fdumptch.carbunkle.org (xxx.yy.166.191): 56 data bytes
64 bytes from xxx.9yy.166.191: icmp_seq=0 ttl=48 time=27.591 ms
64 bytes from xxx.yy.166.191: icmp_seq=1 ttl=48 time=29.825 ms
64 bytes from xxx.yy.166.191: icmp_seq=2 ttl=48 time=29.772 ms
64 bytes from xxx.yy.166.191: icmp_seq=3 ttl=48 time=27.016 ms

--- fdumptch.frepnoids.org ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 27.016/28.551/29.825/1.264 ms

Regards

Last edited by blgrace (2021-07-12 14:57:59)

Offline

#2 2021-07-11 16:09:29

twelveeighty
Member
From: Alberta, Canada
Registered: 2011-09-04
Posts: 837

Re: [SOLVED] port 22: No route to host remote ssh

While all public IPs are scanned anyway by bad people, I would still recommend editing your post and censoring out (e.g. xxx.yyy.166.191) at least a couple of octets in your public IP (both IPv4 and IPv6) to remove regional info.

Are you sure your router's firewall is not blocking port 22? That 'ping' response is likely coming from your router itself, not the Arch box behind it, so that may be a false indication that the box is reachable. When you mentioned 'iptables', I assume you were talking about the Arch box's firewall, not the router's? And vice-versa, if you have opened port 22 on the router's firewall, make sure it's open on the Arch box as well (assuming you have a firewall installed there).

Offline

#3 2021-07-11 16:30:41

blgrace
Member
Registered: 2016-07-13
Posts: 5

Re: [SOLVED] port 22: No route to host remote ssh

Thanks for your response.
Bad people will be disappointed in what they (don't) find on the arch box - but point taken and I edited out stuff.

I had iptable rules on the arch box which I took down for testing purposes.
The router's firewall is indeed still up.
I assumed that port forwarding 22 on my router to my arch box would open it up for me?
It's open because I can login from my LAN without issue - as long as it's wired - wireless attempts fail

I don't understand networks - they hurt my mind.
I just want to be able to access my "hobby project" from work to keep me entertained.

I may also be entertaining bad people though :)

Nevertheless - I would like to understand why it's not working so I can implement a more secure attempt in the near future.

Offline

#4 2021-07-11 20:53:38

seth
Member
Registered: 2012-09-03
Posts: 22,178

Re: [SOLVED] port 22: No route to host remote ssh

> I assumed that port forwarding 22 on my router to my arch box would open it up for me?
> It's open because I can login from my LAN without issue - as long as it's wired - wireless attempts fail

Not if the router has a FW in front of the DMZ that does the port forwarding.
The port is filtered from the outside, it's not that ssh behind it doesn't work.

If you access the router WAN from within the LAN its FW might (likely) recognize that and grant access - if your local wifi operates on a different subnet (e.g. because it's set up for guest usage and internet access only - check "ip a" on wifi and ethernet access?) it might be blocked for that reason.

The problem is in the router config for 99.999% sure.

Online
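
An added example, not part of the original thread: a small TCP probe that separates the cases discussed above (port filtered on the path, port rejected with "No route to host", port closed on the host, sshd actually answering), since a successful ping says nothing about any of them. The function name `probe_tcp` and the state labels are this example's own; run it from outside the LAN against your own hostname and forwarded port.

```python
import errno
import socket
import sys

def probe_tcp(host, port, timeout=3.0):
    """Attempt a full TCP connect and classify the outcome.

    Returns (state, detail); state is one of 'open-ssh', 'open-other',
    'closed', 'rejected', 'filtered', 'error'.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except (socket.timeout, TimeoutError):
        # SYN silently dropped: what nmap reports as "filtered".
        return "filtered", "no reply: a firewall or ISP on the path drops the SYN"
    except ConnectionRefusedError:
        # RST came back: the host (or NAT target) is reachable, no listener.
        return "closed", "connection refused: reachable, nothing listening"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            # ICMP unreachable/prohibited: ssh prints "No route to host".
            return "rejected", "ICMP unreachable from a router or firewall"
        return "error", str(exc)
    with sock:
        sock.settimeout(timeout)
        try:
            banner = sock.recv(256)  # sshd sends its version string first
        except OSError:
            banner = b""
    if banner.startswith(b"SSH-"):
        return "open-ssh", banner.decode("ascii", "replace").strip()
    return "open-other", "connected, but no SSH banner received"

if __name__ == "__main__":
    # Usage: python probe.py <your-ddns-name> 22 2222   (ports are examples)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    ports = [int(p) for p in sys.argv[2:]] or [22]
    for p in ports:
        state, detail = probe_tcp(target, p)
        print(f"{target}:{p:<5} {state:<10} {detail}")
```

If port 22 comes back `filtered` or `rejected` from outside while a non-default forwarded port returns `open-ssh`, the block sits upstream of the Arch box rather than in sshd or its local firewall.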

#5 2021-07-11 22:04:38

blgrace
Member
Registered: 2016-07-13
Posts: 5

Re: [SOLVED] port 22: No route to host remote ssh

Hi,
Turns out my ISP explicitly blocks port 22 from the outside world.
Changed the port that sshd listens to and it now works as intended.

Another triumph, Huzzah!

How to mark the thread [SOLVED]? . . . because it is :)

cheers

Last edited by blgrace (2021-07-11 22:06:30)

Offline

#6 2021-07-11 22:08:35

seth
Member
Registered: 2012-09-03
Posts: 22,178

Re: [SOLVED] port 22: No route to host remote ssh

Mark resolved threads by editing your initial post's subject.

Out of curiosity: comcast or verizon?

Online

#7 2021-07-12 14:59:18

blgrace
Member
Registered: 2016-07-13
Posts: 5

Re: [SOLVED] port 22: No route to host remote ssh

Thanks seth
neither of those.
Internode

Offline

#8 2021-07-12 15:09:37

seth
Member
Registered: 2012-09-03
Posts: 22,178

Re: [SOLVED] port 22: No route to host remote ssh

So I reckon Downunder runs a competition for the most annoying ISP too… :P

Online

#9 2021-07-13 20:35:57

blgrace
Member
Registered: 2016-07-13
Posts: 5

Re: [SOLVED] port 22: No route to host remote ssh

:-)

Offline
